aboutsummaryrefslogtreecommitdiff
path: root/docs/libcurl/opts
diff options
context:
space:
mode:
Diffstat (limited to 'docs/libcurl/opts')
-rw-r--r--docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.312
1 files changed, 11 insertions, 1 deletions
diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
index f7ff1b203..e8ad671f7 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -57,6 +57,15 @@ man-in-the-middle the communication without you knowing it. Disabling
verification makes the communication insecure. Just having encryption on a
transfer is not enough as you cannot be sure that you are communicating with
the correct end-point.
+
+NOTE: even when this option is disabled, depending on the used TLS backend,
+curl may still load the certificate file specified in
+\fICURLOPT_CAINFO(3)\fP. curl default settings in some distributions might
+use quite a large file as a default setting for \fICURLOPT_CAINFO(3)\fP,
+so loading the file can be quite expensive, especially when dealing
+with many connections. Thus, in some situations, you might want to disable
+verification fully to save resources by setting \fICURLOPT_CAINFO(3)\f to
+NULL - but please also consider the warning above!
.SH DEFAULT
By default, curl assumes a value of 1.
.SH PROTOCOLS
@@ -81,3 +90,4 @@ Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.BR CURLOPT_SSL_VERIFYHOST "(3), "
.BR CURLOPT_PROXY_SSL_VERIFYPEER "(3), "
.BR CURLOPT_PROXY_SSL_VERIFYHOST "(3), "
+.BR CURLOPT_CAINFO "(3), "